You are not supposed to give sudo rights to all users, just to the one(s) that needs to install stuff, and he is the supposed admin of the system, what’s better is that you are not giving root passwords to anyone, yet an app getting vulnered will not be able to scalate either. At the end sudo is at least as safe as the alternative, if not safer.

# sudo passwd root new_password new_password

Yes you can, but you still have sudo userpassword, which is intrinsically unsafe. sudo was not designed to be a generic tool for doing system administration, it was designed so that a System Administrator, a person with root access (that is the person with access to the root password), could give non adminstration users temporary and minimal access to certain system commands. By using sudo the way Ubuntu does, reduces the security of the Linux system.

Also in practice very few, if any, Ubuntu users are going to go to the trouble of setting up a root user and root password, so that Ubuntu functions the same way as other linuxes. The whole point of sudo, on Ubuntu, was to make the experience of using close to the Windows experience as possible. In the process Linux security has been compromised somewhat.

quote: you can even do sudo gdmsetup (( i think it is gdmsetup)) and enable a graphical root Logon.

That would be stupid. you would have an even more broken linux, like Linspire is.

# sudo passwd root new_password new_password

you can even do sudo gdmsetup (( i think it is gdmsetup)) and enable a graphical root Logon.
Cheers.
Great post BTW. You are on my rss list.

Of course you do.

The problem is, all the person breaking in to the Ubuntu system has to know is the user’s password, and they have the keys to the kingdom, and most people use easily guessable passwords for their own account, as most people find creating and typing in passwords onerous.

However on my Mandriva System, even if you do manage to get my personal password, or indeed the personal password of any other user on my Mandriva Systems, you still have to find the root password.

The point of universal sudo, for system administration, on Ubuntu is not improved security. It’s point is to provide a Linux that has a user experience that is closer to the user experience on Windows, in order to get Windows users, particularly less technical windows users, to use a Linux.

I have to dissagree with you there, The advantage of not having a root is that you don’t have a root session, you just grant root privilages to an application of one execution only with sudo. If you choose a good passwd there is no issue. If you are realy parranoid, you can treat the primary user account like root and create a limited account for normal day to day use. I don’t see any advantage in the seperate root model. Also, anyone trying to break in will be expecting a root accoutn immediatly, whereas in ubuntus method, they’d have to guess the admins username too!

Yeah it’s like that with Mandriva too, and the security is even better, with Mandriva, because you don’t rely on the user’s password to do System changes, you have a real root and a separate root password.